
account modify

Changes attributes and policies of accounts. The syntax is:

account modify account_name_list
-mypwd password
-change {attribute_list | attribute value}

Options

-attribute value
As an alternative to using the -change option with an attribute list, you can change individual attribute options by prepending a hyphen (-) to any attributes listed in the Attributes topic in this reference page.

-change attribute_list
Allows you to modify attributes by using an attribute list rather than using individual attribute options. The format of an attribute list is as follows:
{{attribute value}{attribute value}}

-mypwd password
Lets you supply your privileged password when changing policy or administration data. You must enter your privileged password to change an account password; otherwise, the -mypwd option is optional.

This check prevents a malicious user from using an existing privileged session to modify passwords of existing accounts.

-change attribute_list
Allows you to specify attributes using an attribute list rather than using the individual options such as -group, -organization, and so on. The format is:

{{attr attr_value} {attr attr_value} . . . {attr attr_value}}

attribute_list | -attribute value
Specifies either an attribute list or individual attribute options that supply values for account attributes to be changed. As an alternative to using the -change option with an attribute list, you can create individual attribute options by prepending a hyphen (-) to any attributes listed in the Attributes topic of this reference page. The -change option is intended for use in scripts, where you can paste in lengthy attribute lists output by previous commands. The individual attribute options might be easier to use for interactive commands. The created and lastchange attributes are system generated and cannot be modified directly.

Description
The account modify operation modifies account attributes. The -add and -remove options are not supported because the attributes created when the account is created cannot be deleted, nor can additional attributes be added. To change an account attribute, supply the new value in an attribute list or as an individual attribute option. The operation returns an empty string on success.

To protect any passwords being entered, you can execute the account modify command only from within the dcecp program; you cannot enter this command from the operating system prompt using dcecp with the -c option.

Privileges Required
You must have rm (read, mgmt_info) permissions for the principal named in the account.

Examples
The following example changes the account's expiration date and login shell by specifying the expdate and shell attributes as individual attribute options.

dcecp> account modify John_Hunter -expdate 1998 -shell /bin/csh
dcecp>

dcecp> account show John_Hunter
{acctvalid yes}
{client yes}
{created /.../my_cell.goodco.com/cell_admin 1994-06-15-18:31:08.000+00:00I-----}
{description {}}
{dupkey no}
{expdate 1995-06-16-00:00:00.000+00:00I-----}
{forwardabletkt yes}
{goodsince 1994-06-15-18:31:05.000+00:00I-----}
{group users}
{home /}
{lastchange /.../my_cell.goodco.com/cell_admin 1994-06-16-12:21:07.000+00:00I-----}
{organization users}
{postdatedtkt no}
{proxiabletkt no}
{pwdvalid yes}
{renewabletkt yes}
{server yes}
{shell /bin/csh}
{stdtgtauth yes}
dcecp>

The following example generates a public key pair for John_Hunter.

dcecp> account modify John_Hunter -pkmechanism pkss \
> -generatekey 485 -newpassphrase pokey
dcecp>
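
The attribute_list description above says the -change option is meant for scripts that reuse attribute lists printed by earlier commands. The following is an added example in Python, not part of the DCE documentation: it turns account show output into a -change attribute list, drops the system-generated created and lastchange attributes, and refuses input whose braces would not stay balanced when pasted into a privileged dcecp session. The function names are hypothetical, backslash escapes are rejected rather than interpreted, and whether every attribute printed by account show is accepted by -change is an assumption.

```python
# Added example. SAMPLE is constructed from the page's `account show` output.
SAMPLE = """
{created /.../my_cell.goodco.com/cell_admin 1994-06-15-18:31:08.000+00:00I-----}
{description {}}
{lastchange /.../my_cell.goodco.com/cell_admin 1994-06-16-12:21:07.000+00:00I-----}
{shell /bin/csh}
"""
SYSTEM_GENERATED = {"created", "lastchange"}  # per the page: not modifiable

def split_elements(text):
    """Return the top-level {...} elements of a Tcl-style list, braces stripped."""
    if "\\" in text:
        raise ValueError("backslash escapes are not handled; refusing input")
    items, buf, depth = [], [], 0
    for ch in text:
        if ch == "}":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced '}'")
            if depth == 0:          # end of one top-level element
                items.append("".join(buf))
                buf = []
                continue
        if depth > 0:
            buf.append(ch)          # nested braces are kept verbatim
        elif not ch.isspace() and ch != "{":
            raise ValueError("text outside braces: %r" % ch)
        if ch == "{":
            depth += 1
    if depth:
        raise ValueError("unbalanced '{'")
    return items

def change_list(show_output, overrides=None):
    """Build a -change attribute list from `account show` output plus new values."""
    attrs = {}
    for item in split_elements(show_output):
        name, _, value = item.strip().partition(" ")
        if not name.isalnum():
            raise ValueError("unexpected attribute name: %r" % name)
        if name not in SYSTEM_GENERATED:
            attrs[name] = value.strip()
    for name, value in (overrides or {}).items():
        if name in SYSTEM_GENERATED or not name.isalnum():
            raise ValueError("attribute cannot be set: %r" % name)
        if value.split() != [value] or len(split_elements("{%s}" % value)) != 1:
            raise ValueError("value must be one brace-balanced word: %r" % value)
        attrs[name] = value
    return "{" + " ".join("{%s %s}" % kv for kv in attrs.items()) + "}"
```

The returned string is the value to give to -change inside dcecp.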